Enabling single sign-on for Windows desktop

Configure HCL Docs to use SPNEGO for single sign-on (SSO). This configuration permits users to sign in to the Microsoft Windows desktop and automatically authenticate with HCL Docs.

Before you begin

Verify that HCL Connections and HCL Connections Docs works correctly without the SPNEGO authentication protocol.

About this task

The following steps assume that HCL Docs and Connections are in the same cell.

Procedure

Complete the steps to enable SSO for HCL Docs to use SPNEGO.
  1. Make sure you have configured SSO for Connections to use SPNEGO. To configure Connections to use SPNEGO for single sign-on (SSO), see Enabling single sign-on for Windows Desktop in the Connections product documentation. And make sure the SSO to use SPNEGO works first for Connections.
  2. Map Active Directory account and create service principal name and keytab file for HCL Docs nodes.
    1. Follow the guide Mapping an Active Directory account to administrative roles to map Active Directory account for Docs nodes, Viewer nodes (if Viewer is not installed on same nodes with Connections), and Conversion nodes.
    2. Follow the guide Creating a service principal name and keytab file to create service principal name and keytab file for Docs nodes, Viewer nodes (if Viewer is not installed on same nodes with Connections), Docs nodes, and Conversion nodes.
    3. After you merge these new created keytab files into the Deployment Manager keytab file, and use the new merged keytab file to create Kerberos configuration file, for example, krb5.conf. Copy the two files (new merged keytab file and krb5.conf file) into the location that you configured in the guide Configuring SPNEGO (and Kerberos optionally) on WebSphere Application Server.
  3. Synchronize to all nodes first and restart all servers, including node agent, Deployment Manager, Connections, and Docs servers.